CVE-2011-2201

The Data::FormValidator module 4.66 and earlier for Perl, when untaint_all_constraints is enabled, does not properly preserve the taint attribute of data, which might allow remote attackers to bypass the taint protection mechanism via form input.

Date published : 2011-09-14

http://www.securityfocus.com/bid/48167

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=629511